From: QA Team Robot <qa@altlinux.org>
To: sisyphus-cybertalk@lists.altlinux.org
Subject: [cyber] I: p11/branch packages: +10 (19766)
Date: Thu, 4 Sep 2025 00:18:23 +0000
Message-ID: <aLjaz0Pf8sC+OYBx@beehive.mskdc.altlinux.org> (raw)
10 UPDATED packages
aardvark-dns - Authoritative DNS server for A/AAAA container records [22M]
* Mon Aug 18 2025 Alexey Shabalin <shaba@altlinux> 1.16.0-alt1
- New version 1.16.0.
* Mon May 19 2025 Alexey Shabalin <shaba@altlinux> 1.15.0-alt1
firefox - The Mozilla Firefox project is a redesign of Mozilla's browser [640M]
* Wed Aug 06 2025 Ajrat Makhmutov <rauty@altlinux> 141.0.2-alt1
- New version (141.0.2).
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt1
- New version (141.0).
- Fixes:
+ CVE-2025-8027: JavaScript engine only wrote partial return value to stack
+ CVE-2025-8028: Large branch table could lead to truncated instruction
+ CVE-2025-8041: Incorrect URL truncation in Firefox for Android
+ CVE-2025-8042: Sandboxed iframe could start downloads
+ CVE-2025-8029: javascript: URLs executed on object and embed tags
+ CVE-2025-8036: DNS rebinding circumvents CORS
+ CVE-2025-8037: Nameless cookies shadow secure cookies
+ CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command
+ CVE-2025-8043: Incorrect URL truncation
+ CVE-2025-8031: Incorrect URL stripping in CSP reports
+ CVE-2025-8032: XSLT documents could bypass CSP
+ CVE-2025-8038: CSP frame-src was not correctly enforced for paths
+ CVE-2025-8039: Search terms persisted in URL bar
+ CVE-2025-8033: Incorrect JavaScript state machine for generators
+ CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141
+ CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* Thu Jul 10 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.4-alt1
- New version (140.0.4).
- Terminate buggy unfinished D&D operation as DragDrop (closes: 54713).
* Sat Jun 28 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.2-alt1
gambit - Gambit-C Scheme programming system [11M]
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 4.9.7-alt4
- Extract C-precompiled files into the separate 'modules-C' package.
- List all module files and directories using a script.
* Fri Aug 29 2025 Paul Wolneykien <manowar@altlinux> 4.9.7-alt3
- Build with --enable-trust-c-tco configure option.
* Fri Aug 29 2025 Paul Wolneykien <manowar@altlinux> 4.9.7-alt2
- Applied 1e6655c upstream fix for executable-path test (thx Marc Feeley).
* Thu Aug 28 2025 Paul Wolneykien <manowar@altlinux> 4.9.7-alt1
- New version 4.9.7.
- Don't require /proc for building.
- Disable pre-compilation of the Emacs module.
- Skip executable-path test as it depends on /proc (patch).
- Delete unused patches.
* Fri Dec 01 2023 Paul Wolneykien <manowar@altlinux> 4.9.5-alt4
- Move gsc to 'devel' package, extract the 'modules' package and
place *.js in 'modules-js' package.
- Place module demos to examples/ (package 'docs').
- Add compilation options that seem to workaround compliation
of srfi/42.
- Add `--enable-moduledir=` option and install Gambit modules
in /usr/lib64/gambit.
- Remove AC_LANG(C++) from configure.ac and build with autoreconf.
- Disable duplicate-var-message patch (needs bootstrap to apply).
* Wed Nov 29 2023 Paul Wolneykien <manowar@altlinux> 4.9.5-alt3
- Make bootstrap in order to compile changes made by
gambit-4.9.5-duplicate-var-message.patch.
- Make the "duplicate pattern variable" message more informative
(patch).
- Switch to build from git.
- Remove target directory on module compilation error (patch).
* Mon Sep 11 2023 Paul Wolneykien <manowar@altlinux> 4.9.5-alt2
- Remove UTF-8 patch for docs (fixed in upstream).
* Mon Sep 11 2023 Paul Wolneykien <manowar@altlinux> 4.9.5-alt1
- New version 4.9.5.
* Sun Apr 09 2023 Michael Shigorin <mike@altlinux> 4.9.4-alt3
gambit-dsock - UNIX domain sockets for Gambit-C Scheme programming system
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.2.3-alt1
- Fixed library symlinks.
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.2.2-alt1
- Run gsc with -warnings and check for undefined symbols.
- Fix: Generate an incremental link file.
- Build so-named library and install it into /usr/lib64/.
* Thu Aug 28 2025 Paul Wolneykien <manowar@altlinux> 1.2.1-alt1
- Rebuild with a new version of Gambit.
- Use ___return() instead of ___result.
* Thu Jan 09 2025 Paul Wolneykien <manowar@altlinux> 1.2-alt4
- Ignore some compilation warnings to fix the build with GCC14.
- Build with the standard %optflags.
- Honor CFLAGS for compilation.
* Mon Feb 11 2019 Paul Wolneykien <manowar@altlinux> 1.2-alt3
gambit-signal - UNIX signal handling library for Gambit-C Scheme programming system
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.2.3-alt1
- Fixed library symlinks.
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.2.2-alt1
- Build so-named library and install it into /usr/lib64/.
- Run gsc with -warnings and check for undefined symbols.
- Fix: Generate an incremental link file.
* Thu Aug 28 2025 Paul Wolneykien <manowar@altlinux> 1.2.1-alt1
- Rebuild with a new version of Gambit.
- Use ___return() instead of ___result.
* Thu Jan 09 2025 Paul Wolneykien <manowar@altlinux> 1.2-alt5
- Ignore some compilation warnings to fix the build with GCC14.
- Build with the standard %optflags.
- Honor CFLAGS for compilation.
* Mon Feb 11 2019 Michael Shigorin <mike@altlinux> 1.2-alt4
gambit-sqlite3 - SQLite3 database library for Gambit-C Scheme programming system
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.3.4-alt1
- Fixed library symlinks.
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 1.3.3-alt1
- Run gsc with -warnings and check for undefined symbols.
- Fix: Generate an incremental link file.
- Build so-named library and install it into /usr/lib64/.
* Thu Aug 28 2025 Paul Wolneykien <manowar@altlinux> 1.3.2-alt1
- Rebuild with a new version of Gambit.
- Use ___return() instead of ___result.
* Thu Jan 09 2025 Paul Wolneykien <manowar@altlinux> 1.3.1-alt2
- Ignore some compilation warnings to fix the build with GCC14.
- Build with the standard %optflags.
- Honor CFLAGS for compilation.
* Mon Feb 13 2023 Paul Wolneykien <manowar@altlinux> 1.3.1-alt1
libwmf - A library to convert wmf files
* Sat Apr 05 2025 Anton Farygin <rider@altlinux> 0.2.13-alt1
- 0.2.8.4 -> 0.2.13
* Wed Sep 27 2017 Anton V. Boyarshinov <boyarsh@altlinux> 0.2.8.4-alt13
netavark - OCI network stack [23M]
* Tue Sep 02 2025 Alexey Shabalin <shaba@altlinux> 1.16.1-alt1
- New version 1.16.1.
* Mon Aug 18 2025 Alexey Shabalin <shaba@altlinux> 1.16.0-alt1
- New version 1.16.0.
- Fixes a compatibility problem with nftables v1.1.4.
* Tue Jun 17 2025 Alexey Shabalin <shaba@altlinux> 1.15.2-alt1
squidmill - Squid proxy server access log collector with rounding support
* Sat Aug 30 2025 Paul Wolneykien <manowar@altlinux> 2.7.0-alt2
- Build without RPATH.
* Thu Aug 28 2025 Paul Wolneykien <manowar@altlinux> 2.7.0-alt1
- Added a special test with no debug messages in daemon log (closes: 30142).
- Make SysV-init script to remove the socket file on stop (closes: 29894).
- Also, add support to print the test main log on success (PRINT_LOG_OK).
- Repeat all tests 10 times when building.
- Fixed/improved C-interface functions with Gambit 4.9.7.
- Allow to select tests (RUN_TESTS) and to repeat them (TEST_COUNT).
- Reworked tests + more tests.
- Reworked top-level exception handling.
- Rewrote the file-follow machinery (in the hope it's more stable now).
* Fri Aug 22 2025 Paul Wolneykien <manowar@altlinux> 2.6.4-alt1
- Version 2.6.4.
- Replace SRFI-1 named getters with list-ref to avoid call
to undefined symbols with some versions of Gambit (Fixes:
OVE-20250822-0001).
- Run gsc with -warnings and check for undefined symbols.
- Fixed the extra log title in test output.
- Try to improve backtrace on error.
* Thu Aug 21 2025 Paul Wolneykien <manowar@altlinux> 2.6.3-alt1
- Output SQL statements to the log with debug level > 1 only (-D -D).
- Print test logs on test fail (PRINT_LOG=1).
- Improved tests.
* Tue Aug 19 2025 Paul Wolneykien <manowar@altlinux> 2.6.2-alt2
- Make [/var]/run/squidmill a ghost dir.
* Tue Aug 19 2025 Paul Wolneykien <manowar@altlinux> 2.6.2-alt1
- Use squidmill.service unit to configure some fragile options
(closes: 50276, 55654, 29894).
* Wed Feb 19 2025 Paul Wolneykien <manowar@altlinux> 2.6.1-alt3
- Fixed build (drop rpm-macros-fillup).
* Thu Jan 09 2025 Paul Wolneykien <manowar@altlinux> 2.6.1-alt2
- Build with the standard %optflags.
- Honor CFLAGS for compilation.
* Tue Feb 14 2023 Paul Wolneykien <manowar@altlinux> 2.6.1-alt1
thunderbird - Thunderbird is Mozilla's e-mail client [752M]
* Tue Jul 29 2025 Ajrat Makhmutov <rauty@altlinux> 141.0-alt1
- New version.
- Fixes:
+ CVE-2025-8027: JavaScript engine only wrote partial return value to stack
+ CVE-2025-8028: Large branch table could lead to truncated instruction
+ CVE-2025-8029: javascript: URLs executed on object and embed tags
+ CVE-2025-8036: DNS rebinding circumvents CORS
+ CVE-2025-8037: Nameless cookies shadow secure cookies
+ CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command
+ CVE-2025-8043: Incorrect URL truncation
+ CVE-2025-8031: Incorrect URL stripping in CSP reports
+ CVE-2025-8032: XSLT documents could bypass CSP
+ CVE-2025-8038: CSP frame-src was not correctly enforced for paths
+ CVE-2025-8039: Search terms persisted in URL bar
+ CVE-2025-8033: Incorrect JavaScript state machine for generators
+ CVE-2025-8044: Memory safety bugs fixed in Firefox 141 and Thunderbird 141
+ CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
+ CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141
* Thu Jul 10 2025 Ajrat Makhmutov <rauty@altlinux> 140.0.1-alt1
- New version.
* Mon Jul 07 2025 Ivan A. Melnikov <iv@altlinux> 140.0-alt2
- NMU: Disable crashreporter on loongarch64 and riscv64
as it does not support these architectures yet (fixes FTBFS)
* Sat Jul 05 2025 Ajrat Makhmutov <rauty@altlinux> 140.0-alt1
- New version.
- Security fixes:
+ CVE-2025-6424: Use-after-free in FontFaceSet
+ CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID
+ CVE-2025-6426: No warning when opening executable terminal files on macOS
+ CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed
+ CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
+ CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag
+ CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy
+ CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
+ CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay
+ CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension
+ CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140
* Wed Jun 11 2025 Ajrat Makhmutov <rauty@altlinux> 139.0.2-alt1
Total 19766 source packages.
reply other threads:[~2025-09-04 0:18 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aLjaz0Pf8sC+OYBx@beehive.mskdc.altlinux.org \
--to=qa@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=sisyphus-cybertalk@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus cybertalk
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-cybertalk/0 sisyphus-cybertalk/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-cybertalk sisyphus-cybertalk/ http://lore.altlinux.org/sisyphus-cybertalk \
sisyphus-cybertalk@lists.altlinux.org sisyphus-cybertalk@lists.altlinux.ru sisyphus-cybertalk@lists.altlinux.com
public-inbox-index sisyphus-cybertalk
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-cybertalk
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git